Here is some of the text of the hack notice on eBay's home page:
"On Wednesday, we announced that we are asking all eBay users to change
their password. This is because of a cyberattack that compromised our eBay
user database, which contained your encrypted password.
"Because your password is encrypted (even we dont know what it is), we
believe your eBay account is secure. But we dont want to take any chances.
We take security on eBay very seriously, and we want to ensure that you
feel safe and secure buying and selling on eBay. So we think its the right
thing to do to have you change your password. And we want to remind you
that its a good idea to always use different passwords for different sites
and accounts. If you used your eBay password on other sites, we are
encouraging you to change those passwords, too."
This kinda pisses me off. I like Ebay, I really and truly do, and have
used it extensively for many, many years.
It doesn't bother me that they continually send me special offers to
sell items at a discount or free commission (I rarely sell on Ebay) and
it doesn't bother me that they will continually tell me that some
"consumable" I bought three months ago can be had once again.
What DOES bother me is that they have an incident like this and,
apparently, unless you have a browser with Java active (and it's
somewhat ironic that Java itself is often a security problem so many
disable it)and up to date, you don't get the message. I logged in to my
account this morning and... NO WARNING! I checked my Ebay message
center and... NO WARNING! I looked around their security page, etc.
and... Yep, NO WARNING!
I saw no warning whatsoever on the website until I, like Doug swapped
out my password. Only then did I get a pop up box that referred to the
breach and suggested that I change my password. No shit, Sherlock,
that's exactly what I intended to do but you couldn't send me an email
alert like you do several times a week trying to spur activity on your
website? (and I did go back and sort through the trash bin... not a peep
about the breach from them).
I never get offers on the webpage. I don't think I get them by mail
You still have a good point. One can go months without logging into
ebay, but only days without reading email.
What might happen to me if I don't. Apparently they still won't have
my paypal login or password, and it's hard to get them to ship anywhere
but my own home, so what can hackers do to me? Buy something but not
pay for it?
The situation has been discussed on a number of blogs and several nation
news stations. Not to mention a few private list I sub to on the subject.
True or not the simplest solution is to go to eBay's web site and manually
change your PW. Do/don't take the precautions -- your money/your options.
The IT oriented blogs are giving eBay awards for the suckiest handling of a
security breach yet. The news was all over The Register, Betanews, and
Slashdot before eBay got around to putting a lame suggestion that you might
want to change your password on their homepage.
I believe the whole story about the heartbleed bug and now the hacked
ebay profiles is a way to provoke users to change their passwords. My
theory is that NSA is prepared for a mass password change.. I hope I'm
I'll add that if you use the eBay app on an iPad, the Password Update
message is there, but only if you scroll down to the bottom of the app's
home page. That is not typically what a user needs to do, at least not me,
so I didn't see the message until I decided to actually look for it based
on this discussion.
I changed my password on the main site through FF only after hearing about
it in this forum. At the time I changed it, there was no message on the
home page. As others have said, the only time I saw the message was when I
was already on the password change screen. That's just a tad too late.
HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.